DOI: 10.1145/3548606.3560628 (research article, CCS '22 conference proceedings)

Sharp: Short Relaxed Range Proofs

Published: 07 November 2022

Abstract

We provide optimized range proofs, called Sharp, in discrete logarithm and hidden order groups, based on square decomposition. In the former setting, we build on the paradigm of Couteau et al. (Eurocrypt '21) and optimize their range proof (from now on, CKLR) in several ways: (1) We introduce batching via vector commitments and an adapted Σ-protocol. (2) We introduce a new group switching strategy to reduce communication. (3) As repetitions are necessary to instantiate CKLR in standard groups, we provide a novel batch shortness test that allows for cheaper repetitions. The analysis of our test is nontrivial and forms a core technical contribution of our work. For example, for λ = 128 bit security and B = 64 bit ranges for N = 1 (resp. N = 8) proof(s), we reduce the proof size by 34% (resp. 75%) in arbitrary groups, and by 66% (resp. 88%) in groups of 256-bit order, compared to CKLR.
As Sharp and CKLR proofs satisfy a "relaxed" notion of security, we show how to enhance their security with one additional hidden order group element. In RSA groups, this reduces the size of state-of-the-art range proofs (Couteau et al., Eurocrypt '17) by 77% (λ = 128, B = 64, N = 1).
We also implement our most optimized range proof; compared to the state-of-the-art Bulletproofs (Bünz et al., S&P 2018), our benchmarks show a very significant runtime improvement. Finally, we sketch some applications of our new range proofs.
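The abstract describes Sharp as "based on square decomposition" and lists a shortness test among its contributions. The Python below is an added illustration, not code from the paper or its authors' implementation, of the integer identity such range proofs rest on, in the three-square form 4x(B − x) + 1 = y1² + y2² + y3² introduced by Groth [31] and used by CKLR [22]: it computes the prover's witness, checks the relation, and then shows why the same relation taken modulo a prime carries no range information at all, which is why a protocol in a prime-order group must additionally prove that the committed values are short integers. The function names, the toy prime 101 and the brute-force searches are this example's own choices; the paper's actual protocol and its precise relaxed soundness notion are not reproduced here.

```python
# Added illustration of the arithmetic behind square-decomposition range
# proofs. Not code from the Sharp paper or its authors; function names, the
# toy prime and the brute-force searches are this example's own choices.
import math


def is_square(n: int) -> bool:
    """True iff n is a perfect square."""
    if n < 0:
        return False
    r = math.isqrt(n)
    return r * r == n


def three_squares(n: int):
    """Return (y1, y2, y3) with y1^2 + y2^2 + y3^2 == n, or None if n < 0 or no
    decomposition exists (Legendre: exactly the n = 4^a (8b + 7) have none).

    Brute force, for illustration only: real provers use a randomized
    algorithm (Rabin-Shallit style) that scales to 64-bit ranges."""
    if n < 0:
        return None
    for y1 in range(math.isqrt(n), -1, -1):
        rem = n - y1 * y1
        for y2 in range(math.isqrt(rem), -1, -1):
            rem2 = rem - y2 * y2
            if rem2 > y2 * y2:
                break  # keep y2 >= y3; a larger y3 was already tried as y2
            if is_square(rem2):
                return (y1, y2, math.isqrt(rem2))
    return None


def range_witness(x: int, B: int):
    """Prover side. For x in [0, B], 4x(B - x) + 1 is a non-negative odd
    integer that is 1 or 5 mod 8, so a three-square witness always exists.
    For x outside [0, B] the value is negative and no witness exists."""
    return three_squares(4 * x * (B - x) + 1)


def verify_relation(x: int, B: int, witness) -> bool:
    """The quadratic relation a verifier checks (in a real proof on committed
    values, in zero knowledge). Over the integers a sum of squares is >= 0,
    so the relation forces x(B - x) >= 0, i.e. 0 <= x <= B."""
    if witness is None:
        return False
    y1, y2, y3 = witness
    return y1 * y1 + y2 * y2 + y3 * y3 == 4 * x * (B - x) + 1


def forge_mod_p(x: int, B: int, p: int):
    """Adversary side in a prime-order group: modulo p every residue is a sum
    of two squares, so for ANY x (in range or not) one finds y1, y2, y3 with
    4x(B - x) + 1 == y1^2 + y2^2 + y3^2 (mod p). Only an extra proof that x
    and the y_i are short integers turns the modular relation back into the
    integer identity. Brute force over a small prime p for illustration."""
    target = (4 * x * (B - x) + 1) % p
    sqrt_table = {(y * y) % p: y for y in range(p)}  # residue -> one square root
    for y2 in range(p):
        need = (target - y2 * y2) % p
        if need in sqrt_table:
            return (0, y2, sqrt_table[need])
    return None  # never reached for prime p


def relation_holds_mod_p(x: int, B: int, p: int, witness) -> bool:
    """The same check as verify_relation, but reduced modulo p."""
    y1, y2, y3 = witness
    return (y1 * y1 + y2 * y2 + y3 * y3 - (4 * x * (B - x) + 1)) % p == 0


if __name__ == "__main__":
    B = 1000
    for x in (0, 1, 499, B):
        w = range_witness(x, B)
        print(x, w, verify_relation(x, B, w))
    print(range_witness(B + 1, B))  # None: no integer witness out of range
    w = forge_mod_p(B + 1, B, 101)
    print(w, relation_holds_mod_p(B + 1, B, 101, w))  # relation holds mod p anyway
```

The last two lines of the demonstration are the point: the out-of-range value x = B + 1 has no integer witness, yet a witness for the same relation modulo 101 is found immediately, so a verifier working only in Z_p learns nothing about the range unless the proof also bounds the size of the committed values.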

References

[1]
Damiano Abram, Ivan Damgård, Claudio Orlandi, and Peter Scholl. 2022. An Algebraic Framework for Silent Preprocessing with Trustless Setup and Active Security. In Advances in Cryptology -- CRYPTO 2022, Yevgeniy Dodis and Thomas Shrimpton (Eds.). Springer Nature Switzerland.
[2]
Martin R. Albrecht and Russell W. F. Lai. 2021. Subtractive Sets over Cyclotomic Rings - Limits of Schnorr-Like Arguments over Lattices. 519--548. https://doi.org/10.1007/978-3-030-84245-1_18
[3]
Thomas Attema, Ronald Cramer, and Lisa Kohl. 2021. A Compressed Σ-Protocol Theory for Lattices. 549--579. https://doi.org/10.1007/978-3-030-84245-1_19
[4]
Foteini Baldimtsi and Anna Lysyanskaya. 2013. Anonymous credentials light. 1087--1098. https://doi.org/10.1145/2508859.2516687
[5]
Carsten Baum, Jonathan Bootle, Andrea Cerulli, Rafaël del Pino, Jens Groth, and Vadim Lyubashevsky. 2018a. Sub-linear Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits. 669--699. https://doi.org/10.1007/978-3-319-96881-0_23
[6]
Carsten Baum, Ivan Damgård, Vadim Lyubashevsky, Sabine Oechsner, and Chris Peikert. 2018b. More Efficient Commitments from Structured Lattice Assumptions. 368--385. https://doi.org/10.1007/978-3-319-98113-0_20
[7]
Fabrice Benhamouda, Stephan Krenn, Vadim Lyubashevsky, and Krzysztof Pietrzak. 2015. Efficient Zero-Knowledge Proofs for Commitments from Learning with Errors over Rings. 305--325. https://doi.org/10.1007/978-3-319-24174-6_16
[8]
Johannes Blömer, Jan Bobolz, Denis Diemert, and Fabian Eidens. 2019. Updatable Anonymous Credentials and Applications to Incentive Systems. 1671--1685. https://doi.org/10.1145/3319535.3354223
[9]
Jan Bobolz, Fabian Eidens, Stephan Krenn, Daniel Slamanig, and Christoph Striecks. 2020. Privacy-Preserving Incentive Systems with Highly Efficient Point-Collection. 319--333. https://doi.org/10.1145/3320269.3384769
[10]
Fabrice Boudot. 2000. Efficient Proofs that a Committed Number Lies in an Interval. 431--444. https://doi.org/10.1007/3-540-45539-6_31
[11]
Stefan Brands. 2000. Rethinking public key infrastructures and digital certificates: building in privacy. MIT Press.
[12]
Benedikt Bünz, Shashank Agrawal, Mahdi Zamani, and Dan Boneh. 2020. Zether: Towards Privacy in a Smart Contract World. 423--443. https://doi.org/10.1007/978-3-030-51280-4_23
[13]
Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell. 2018. Bulletproofs: Short Proofs for Confidential Transactions and More. 315--334. https://doi.org/10.1109/SP.2018.00020
[14]
Jan Camenisch, Rafik Chaabouni, and abhi shelat. 2008. Efficient Protocols for Set Membership and Range Proofs. 234--252. https://doi.org/10.1007/978-3-540-89255-7_15
[15]
Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya. 2005. Compact E-Cash. 302--321. https://doi.org/10.1007/11426639_18
[16]
Jan Camenisch and Anna Lysyanskaya. 2001. An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. 93--118. https://doi.org/10.1007/3-540-44987-6_7
[17]
Jan Camenisch and Anna Lysyanskaya. 2003. A Signature Scheme with Efficient Protocols. 268--289. https://doi.org/10.1007/3-540-36413-7_20
[18]
Melissa Chase, Sarah Meiklejohn, and Greg Zaverucha. 2014. Algebraic MACs and Keyed-Verification Anonymous Credentials. 1205--1216. https://doi.org/10.1145/2660267.2660328
[19]
David Chaum. 1990. Showing Credentials without Identification: Transferring Signatures between Unconditionally Unlinkable Pseudonyms. 246--264. https://doi.org/10.1007/BFb0030366
[20]
Henry Corrigan-Gibbs and Dmitry Kogan. 2018. The Discrete-Logarithm Problem with Preprocessing. 415--447. https://doi.org/10.1007/978-3-319-78375-8_14
[21]
Geoffroy Couteau, Dahmun Goudarzi, Michael Klooß, and Michael Reichle. 2022. Sharp: Short Relaxed Range Proofs. Cryptology ePrint Archive, Paper 2022/1153. https://doi.org/10.1145/3548606.3560628 https://eprint.iacr.org/2022/1153.
[22]
Geoffroy Couteau, Michael Klooß, Huang Lin, and Michael Reichle. 2021. Efficient Range Proofs with Transparent Setup from Bounded Integer Commitments. 247--277. https://doi.org/10.1007/978-3-030-77883-5_9
[23]
Geoffroy Couteau, Thomas Peters, and David Pointcheval. 2017. Removing the Strong RSA Assumption from Arguments over the Integers. 321--350. https://doi.org/10.1007/978-3-319-56614-6_11
[24]
Geoffroy Couteau and Michael Reichle. 2019. Non-interactive Keyed-Verification Anonymous Credentials. 66--96. https://doi.org/10.1007/978-3-030-17253-4_3
[25]
Ivan Damgård and Eiichiro Fujisaki. 2002. A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order. 125--142. https://doi.org/10.1007/3-540-36178-2_8
[26]
Henry de Valence, Jack Grigg, George Tankersley, Filippo Valsorda, and Isis Lovecruft. 2019. The ristretto255 group. Technical Report. IETF CFRG Internet Draft.
[27]
The Zcash developers. 2022. Zcash. https://github.com/zcash/zcash.
[28]
Pierre-Alain Fouque, Jacques Stern, and Jan-Geert Wackers. 2003. CryptoComputing with Rationals. 136--146.
[29]
Eiichiro Fujisaki and Tatsuaki Okamoto. 1997. Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations. 16--30. https://doi.org/10.1007/BFb0052225
[30]
Shafi Goldwasser, Silvio Micali, and Charles Rackoff. 1989. The Knowledge Complexity of Interactive Proof Systems. SIAM J. Comput. 18, 1 (1989), 186--208.
[31]
Jens Groth. 2005. Non-interactive Zero-Knowledge Arguments for Voting. 467--482. https://doi.org/10.1007/11496137_32
[32]
Jens Groth. 2011. Efficient Zero-Knowledge Arguments from Two-Tiered Homomorphic Commitments. 431--448. https://doi.org/10.1007/978-3-642-25385-0_23
[33]
Gunnar Hartung, Max Hoffmann, Matthias Nagel, and Andy Rupp. 2017. BBA: Improving the Security and Applicability of Privacy-Preserving Point Collection. 1925--1942. https://doi.org/10.1145/3133956.3134071
[34]
Max Hoffmann, Michael Klooß, Markus Raiber, and Andy Rupp. 2020. Black-Box Wallets: Fast Anonymous Two-Way Payments for Constrained Devices. Proc. Priv. Enhancing Technol., Vol. 2020, 1 (2020), 165--194. https://doi.org/10.2478/popets-2020-0010
[35]
Tibor Jager and Andy Rupp. 2016. Black-Box Accumulation: Collecting Incentives in a Privacy-Preserving Way. Proc. Priv. Enhancing Technol., Vol. 2016, 3 (2016), 62--82. https://doi.org/10.1515/popets-2016-0016
[36]
Helger Lipmaa. 2003. On Diophantine Complexity and Statistical Zero-Knowledge Arguments. 398--415. https://doi.org/10.1007/978-3-540-40061-5_26
[37]
Vadim Lyubashevsky. 2009. Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures. 598--616. https://doi.org/10.1007/978-3-642-10366-7_35
[38]
Vadim Lyubashevsky, Ngoc Khanh Nguyen, and Maxime Plancon. 2022. Lattice-Based Zero-Knowledge Proofs and Applications: Shorter, Simpler, and More General. In Advances in Cryptology -- CRYPTO 2022, Yevgeniy Dodis and Thomas Shrimpton (Eds.). Springer Nature Switzerland.
[39]
Vadim Lyubashevsky, Ngoc Khanh Nguyen, and Gregor Seiler. 2020. Practical Lattice-Based Zero-Knowledge Proofs for Integer Relations. 1051--1070. https://doi.org/10.1145/3372297.3417894
[40]
Torben P. Pedersen. 1992. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. 129--140. https://doi.org/10.1007/3-540-46766-1_9
[41]
Sietse Ringers, Eric R. Verheul, and Jaap-Henk Hoepman. 2017. An Efficient Self-blindable Attribute-Based Credential Scheme. 3--20.
[42]
The Monero Project. 2022. Monero. https://github.com/monero-project/monero.
[43]
Pieter Wuille. 2018. libsecp256k1. https://github.com/bitcoin/secp256k1.

Cited By

  • SwiftRange: A Short and Efficient Zero-Knowledge Range Argument for Confidential Transactions and More. 2024 IEEE Symposium on Security and Privacy (SP), 1832--1848. https://doi.org/10.1109/SP54263.2024.00054 (19 May 2024)
  • Pairing-Free Blind Signatures from Standard Assumptions in the ROM. Advances in Cryptology -- CRYPTO 2024, 210--245. https://doi.org/10.1007/978-3-031-68376-3_7 (18 August 2024)
  • I Want to Ride My BICYCL: BICYCL Implements CryptographY in CLass Groups. Journal of Cryptology 36, 3 (2023). https://doi.org/10.1007/s00145-023-09459-1 (26 April 2023)
  • Verifiable Decentralized Multi-client Functional Encryption for Inner Product. Advances in Cryptology -- ASIACRYPT 2023, 33--65. https://doi.org/10.1007/978-981-99-8733-7_2 (4 December 2023)

Published In

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
November 2022
3598 pages
ISBN:9781450394505
DOI:10.1145/3548606
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. proof of knowledge
  2. proof of shortness
  3. relaxed range proof
  4. square decomposition
  5. zero-knowledge

Conference

CCS '22

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%


Article Metrics

  • Downloads (last 12 months): 92
  • Downloads (last 6 weeks): 6

Reflects downloads up to 03 Oct 2024
